From 6c57574eb5c923e14c78d5f783bb9617ba30be8a Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Mon, 7 Dec 2020 17:28:51 +0100
Subject: [PATCH] Support EL 7, install the chroot file.
---
 defaults/main.yml | 7 ++++-
 meta/main.yml | 5 ++-
 tasks/main.yml | 55 ++++++++++++++++++++++++---------
 templates/vsftpd_chroot_list.j2 | 3 ++
 4 files changed, 53 insertions(+), 17 deletions(-)
 create mode 100644 templates/vsftpd_chroot_list.j2
diff --git a/defaults/main.yml b/defaults/main.yml
index 61b09f1..ba1c608 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -10,14 +10,19 @@ vsftpd_ls_recurse_enable: "NO"
 vsftpd_local_root: /dev/null
 vsftpd_pasv_min_port: 49152
 vsftpd_pasv_max_port: 65534
+vsftpd_global_confi_dir: /etc/vsftpd
 vsftpd_chroot_list_enable: "YES"
-vsftpd_chroot_list_file: /etc/vsftpd.chroot_list
+vsftpd_chroot_list_file: '{{ vsftpd_global_confi_dir }}/chroot_list'
 vsftpd_chroot_passwd_enable: "NO"
 vsftpd_chroot_local_user: "NO"
 vsftpd_iptables_rules: True
 vsftpd_iptables_allowed_hosts:
 - 0.0.0.0/0
 
+vsftp_chrooted_users: []
+# - { login: 'user1' }
+# - { login: 'user2' }
+
 vsftpd_manage_user_acls: True
 vsftpd_manage_real_users: False
 vsftpd_manage_valid_shells: False
diff --git a/meta/main.yml b/meta/main.yml
index b3fe494..d4ec239 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -16,7 +16,10 @@ galaxy_info:
 - name: Ubuntu
 versions:
 - bionic
-
+ - name: EL
+ versions:
+ - 7
+
 galaxy_tags:
 - ftp
 - ftpd
diff --git a/tasks/main.yml b/tasks/main.yml
index 0885c9c..dfe3a1f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
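Review bot: In the defaults/main.yml hunk, `vsftp_chrooted_users` is documented only by two commented sample entries, yet what the list means depends on `vsftpd_chroot_local_user`: vsftpd jails the listed users when `chroot_local_user` is NO and treats the same list as the users exempt from the jail when it is YES. Assuming vsftpd.conf.j2 passes these settings through, the defaults shown here (list enabled, empty list, `vsftpd_chroot_local_user: "NO"`) leave every local user un-chrooted, so a comment above the variable should say so, e.g. `# Users written to vsftpd_chroot_list_file: jailed when vsftpd_chroot_local_user is "NO", exempt from the jail when it is "YES"`. The new names also depart from the role's `vsftpd_` prefix (`vsftp_chrooted_users`, which templates/vsftpd_chroot_list.j2 uses as well), and `vsftpd_global_confi_dir` looks like a typo for `config`; both are easier to rename now than after they become public role variables.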
@@ -1,21 +1,46 @@
 ---
-- name: Install the vsftpd package
- apt: pkg=vsftpd state=present update_cache=yes cache_valid_time=3600
+- name: Package, and config, deb distributions
+ block:
+ - name: Install the vsftpd package on deb distributions
+ apt: pkg=vsftpd state=present update_cache=yes cache_valid_time=3600
+
+ - name: Install the vsftpd configuration file
+ template: src=vsftpd.conf.j2 dest=/etc/vsftpd.conf mode=0444 owner=root group=root
+ notify: Restart the vsftpd server
+ tags: [ 'vsftpd', 'ftp', 'vsftpd_conf' ]
+
+ when: ansible_distribution_file_variety == "Debian"
 tags: [ 'vsftpd', 'ftp' ]
 
-- name: Install the vsftpd configuration file
- template: src=vsftpd.conf.j2 dest=/etc/vsftpd.conf mode=0444 owner=root group=root
- notify: Restart the vsftpd server
+- name: Package, and config, el
+ block:
+ - name: Install the vsftpd package on el distributions
+ yum: pkg=vsftpd state=present
+
+ - name: Install the vsftpd configuration file
+ template: src=vsftpd.conf.j2 dest={{ vsftpd_global_confi_dir }}/vsftpd.conf mode=0444 owner=root group=root
+ notify: Restart the vsftpd server
+ tags: [ 'vsftpd', 'ftp', 'vsftpd_conf' ]
+
+ when: ansible_distribution_file_variety == "RedHat"
 tags: [ 'vsftpd', 'ftp' ]
 
-- name: Start and enable the vsftpd server
- service: name=vsftpd state=started enabled=yes
- when: vsftpd_server_enabled
+- name: Global configuration
+ block:
+ - name: Install the chroot list file
+ template: src=vsftpd_chroot_list.j2 dest={{ vsftpd_chroot_list_file }} mode=0444 owner=root group=root
+
+ tags: [ 'vsftpd', 'ftp', 'vsftpd_conf' ]
+
+- name: vsftpd service
+ block:
+ - name: Start and enable the vsftpd server
+ service: name=vsftpd state=started enabled=yes
+ when: vsftpd_server_enabled
+ tags: [ 'vsftpd', 'ftp' ]
+
+ - name: Stop and disable the vsftpd server
+ service: name=vsftpd state=stopped
+ when: not vsftpd_server_enabled
+
 tags: [ 'vsftpd', 'ftp' ]
-
-- name: Stop and disable the vsftpd server
- service: name=vsftpd state=stopped
- when: not vsftpd_server_enabled
- tags: [ 'vsftpd', 'ftp' ]
-
-
diff --git a/templates/vsftpd_chroot_list.j2 b/templates/vsftpd_chroot_list.j2
new file mode 100644
index 0000000..234614f
--- /dev/null
+++ b/templates/vsftpd_chroot_list.j2
@@ -0,0 +1,3 @@
+{% for u in vsftp_chrooted_users %}
+{{ u.login }}
+{% endfor %}
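Review bot: The "Stop and disable the vsftpd server" task re-added inside the `vsftpd service` block in tasks/main.yml only passes `state=stopped`, so when `vsftpd_server_enabled` is false the daemon is stopped for the current boot but stays enabled and will listen again after a restart; `service: name=vsftpd state=stopped enabled=no` would match the task name. Separately, the new "Install the chroot list file" task writes to `{{ vsftpd_chroot_list_file }}`, which now defaults to a path under `/etc/vsftpd`, while the Debian block still installs `/etc/vsftpd.conf`. Nothing in this hunk creates that directory, so if the Debian package does not ship it the template task will fail on that family. A task such as `file: path={{ vsftpd_global_confi_dir }} state=directory owner=root group=root mode=0755` placed before it would cover both families.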